Skip to content

Remove Redundant and Misplaced Test Cases from the Credential Verifier Test Matrix #1162

Description

@manuraf

Summary

A review of the test cases currently listed in the Credential Verifier Test Matrix (Remote Presentation flow) reveals a set of entries that should be removed. The reasons vary: some tests are duplicates of existing, more precise entries; others describe behaviour that is the responsibility of the Wallet Instance, not the Credential Verifier; some rely on parameters that are no longer present in recent RP metadata specifications; and a few have descriptions too generic to be actionable or independently verifiable.

Keeping these entries in the test plan creates confusion about scope, inflates the total test count without adding coverage, and may introduce maintenance burden.

Proposed Change

Remove the 11 test entries listed below from the Credential Verifier Test Matrix.

Test ID Title Reason for Removal
RPR-15 Error Logging The description ("Verify error logging. Errors are logged appropriately.") is too generic to define a concrete assertion or pass/fail criterion for a Credential Verifier.
RPR-24 Response Timeout Handling The test describes a retry mechanism on response timeout. Retry behaviour is the responsibility of the Wallet Instance, not the Credential Verifier.
RPR-50 User Notification of Consent Changes User consent notification is handled by the Wallet Instance. This test is out of scope for the Credential Verifier test matrix.
RPR-51 User Consent for Sensitive Data User consent for sensitive data is handled by the Wallet Instance. This test is out of scope for the Credential Verifier test matrix.
RPR-61 User Notification of Consent Revocation User consent revocation is handled by the Wallet Instance. This test is out of scope for the Credential Verifier test matrix.
RPR-74 QR Code Scanning with Different Devices Semantically identical to RPR-06, which already tests QR Code scanning with different devices.
RPR-75 QR Code Scanning with Different Apps Semantically identical to RPR-47, which already tests QR Code scanning with different apps.
RPR-97 Wallet Attestation Request via DCQL This requirement is no longer present in recent specification versions; the test case is therefore obsolete.
RPR-100 Wallet Attestation Presentation This requirement is no longer present in recent specification versions; the test case is therefore obsolete.
RPR-111 Error Code Consistency Across Endpoints The description ("Test that error codes are consistent across different endpoints") is too generic to define a concrete, independently testable assertion. Should be removed or decomposed into targeted sub-tests.
RPR-113 Redirect URI Security (Trusted Third-Party Attestation) The redirect_uris parameter is no longer included in RP metadata. Attesting redirect_uri via a trusted third party is therefore not applicable.

Rationale

  • Clarity: removing generic, wallet-scoped, and duplicate entries makes the test plan accurately reflect the real scope of what a Credential Verifier must implement and can be assessed against.
  • Correct scope: tests that describe Wallet Instance behaviour do not belong in the Credential Verifier matrix and should not be part of a Credential Verifier conformance assessment.
  • Specification alignment: entries based on requirements that have been removed from the specification must be retired to keep the test matrix in sync with the current normative reference.
  • Maintenance: duplicate entries require duplicate maintenance work whenever the referenced base tests change.
  • Metrics accuracy: the presence of redundant and out-of-scope entries inflates the "total tests" count and distorts coverage reporting.

Metadata

Metadata

Assignees

Labels

enhancementSomething improving existing features

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions